Google’s tracking of Safari users could lead to FTC probe
Google's alleged circumvention of do-not-track controls on Apple's Safari browser could lead to big fines from the U.S. Federal Trade Commission if the agency determines Google has violated a privacy settlement the company agreed to in March, some privacy advocates said Friday.
Violations of a settlement with the FTC can lead to fines of US$11,000 per incident. It's unclear how many times Google may have circumvented do-not-track protections on the Safari browser, distributed with iPhones, iPads, some iPods and Macintosh computers.
Google was "incredibly stupid" to slip tracking cookies into Safari, given that the company is under scrutiny by the FTC and privacy advocates, said Justin Brookman, director of consumer privacy at the Center for Democracy and Technology. "I'd be very surprised if there was not some type of FTC action."
An FTC spokeswoman didn't immediately return messages seeking comment on the privacy allegations. Read more...
Microsoft exec says Safe Harbor framework is ‘alive and well’
Privacy advocates have expressed concern about Brussels' Commissioner Viviane Reding's decision to leave in place the Safe Harbour framework used by some companies to transfer data from Europe to the US.
The EC's vice president tabled her draft bill for the overhaul of the EU's 1995 data protection law on Wednesday.
However, critics have questioned how the Safe Harbour scheme can remain workable within the wider context of the commissioner's DP legislation proposals.
EU data protection laws currently state that organisations must tell people when they are asked to disclose their personal information. Some companies that meet the requirements of Europe's DP directive are allowed to transfer EU data to the US.
Microsoft is one of them.
Reding's proposals state:
Article 41 sets out the criteria, conditions and procedures for the adoption of an adequacy decision by the Commission, based on Article 25 of Directive 95/46/EC. The criteria which shall be taken into account for the Commission’s assessment of an adequate or not adequate level of protection include expressly the rule of law, judicial redress and independent supervision. The article now confirms explicitly the possibility for the Commission to assess the level of protection afforded by a territory or a processing sector within a third country. Read more...
‘Anonymous’ hackers target US security think tank
The loose-knit hacking movement "Anonymous" claimed Sunday to have stolen thousands of credit card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor. One hacker said the goal was to pilfer funds from individuals' accounts to give away as Christmas donations, and some victims confirmed unauthorized transactions linked to their credit cards.
Anonymous boasted of stealing Stratfor's confidential client list, which includes entities ranging from Apple Inc. to the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit card numbers, passwords and home addresses. Read more...
Google offers opt-out method for Wi-Fi geolocation mapping
Google is offering wireless network owners worldwide the possibility of opting out from its Wi-Fi geolocation mapping efforts, in the wake of a decision by the Dutch Data Protection Authority (DPA) that this process is in violation of legislation in the Netherlands.
Google uses its Street View cars to build a global database of wireless access points and their geographic location. The database is used by the company's services and other Android applications to approximate the location of individuals based on the Wi-Fi networks detected by their handsets at a given time.
The same method is used by other smartphone manufacturers like Apple and Microsoft because it's quicker than using GPS and consumes less battery power.
However, the Dutch DPA determined that Wi-Fi MAC addresses, coupled with their geographic location, represent personal information and collecting it without consent is a violation of the Dutch Data Protection Act. Read more...
Sony Pictures falls victim to major data breach
LulzSec, a hacking group that recently made news for hacking into PBS, claimed today that it has broken into several Sony Pictures websites and accessed unencrypted personal information on over 1 million people.
In a statement released Thursday, the group claimed that it had also managed to compromise all "admin details," including administrator passwords, as well as 75,000 "music codes" and 3.5 million "music coupons" from Sony networks and websites.
The group has publicly posted a full list of compromised sites, along with links to documents containing samples of what it claimed was material stolen from Sony. Read more...